Editor’s Note: This post was originally published in April 2015 and has been updated for accuracy and comprehensiveness. “Web cookies.” We see this term thrown around online quite a bit, whether it be in dialogue boxes requesting permission to use them, or site...

If you’re a web application developer or security professional, chances are you’ve heard at least a little about the OWASP Application Security Verification Standard. Currently at version 3.0.1 and reflecting a wealth of industry feedback, this community-led project...

The Web Application Attack and Audit Framework (w3af) is an open source framework for auditing and exploitation of web applications. For businesses whose IT budgets aren’t hefty enough to purchase proprietary, enterprise-class tools like IBM Security AppScan or Cenzic...

Hackers are relentless in their targeted attacks on application-level security vulnerabilities. The way to mitigate these risks is to write more secure code. Cybercrime risk isn’t the only reason to focus on software security. It’s mandated as part of many information...

In our work with clients we sometimes encounter a misconception that performing an Application Vulnerability Assessment and/or a Penetration Test amounts to an assessment of a web application’s vulnerability to the OWASP Top 10 security flaws. This has never been the...